Tag: samsung

  • Critical Vulnerability in Samsung Mobile Processor and Modem – CVE-2025-27891

    Overview of CVE-2025-27891

    A critical vulnerability has been discovered in several Samsung Mobile Processors, Wearable Processors, and Modems, including the Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. This issue, tracked as CVE-2025-27891, is caused by the lack of a length check, leading to out-of-bounds reads when malformed NAS packets are received.

    Details of the Vulnerability

    The vulnerability occurs because these processors fail to check the length of incoming NAS (Non-Access Stratum) packets, which are used in mobile communication. When a malformed packet is received, parsing it can result in out-of-bounds memory reads, potentially leading to information disclosure or other unintended behavior in the affected devices. This could allow attackers to exploit the vulnerability remotely without requiring user interaction.

    This issue is particularly critical for devices relying on these Samsung processors, including smartphones, wearables, and modem units, as it poses a risk to the confidentiality of the system and can potentially impact system availability.
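
    The missing length check, shown on a simplified type-length-value element parser in C. This is an added illustration, not Samsung firmware code: the page does not say which NAS field is affected, so the element layout, `IE_MAX_VALUE`, the function names and the sample bytes are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_MAX_VALUE 32 /* assumed per-element cap for this example */
typedef struct { uint8_t iei, len, value[IE_MAX_VALUE]; } nas_ie_t;

/* Bug class: the length octet is trusted. If fewer than 2 + buf[1] bytes
 * were received, memcpy reads past the end of the packet buffer. */
void ie_parse_unchecked(const uint8_t *buf, nas_ie_t *out) {
    out->iei = buf[0];
    out->len = buf[1];
    memcpy(out->value, buf + 2, out->len); /* no bound on source or destination */
}

/* Hardened form: returns bytes consumed, or -1 for a malformed element. */
int ie_parse_checked(const uint8_t *buf, size_t buf_len, nas_ie_t *out) {
    if (buf_len < 2) return -1;        /* tag and length octets must exist */
    size_t len = buf[1];
    if (len > buf_len - 2) return -1;  /* declared length exceeds received data */
    if (len > IE_MAX_VALUE) return -1; /* value must fit the destination */
    out->iei = buf[0];
    out->len = (uint8_t)len;
    memcpy(out->value, buf + 2, len);
    return (int)(2 + len);
}

/* Walks every element in a message body; returns the count, or -1 on the first bad one. */
int nas_parse_ies(const uint8_t *pkt, size_t pkt_len, nas_ie_t *ies, int max_ies) {
    int n = 0;
    for (size_t off = 0; off < pkt_len; n++) {
        if (n == max_ies) return -1;   /* never write past the caller's array */
        int used = ie_parse_checked(pkt + off, pkt_len - off, &ies[n]);
        if (used < 0) return -1;
        off += (size_t)used;
    }
    return n;
}

/* Constructed samples (arbitrary tag values, not captured traffic). */
static const uint8_t SAMPLE_OK[] = {0x10, 0x02, 0xAA, 0xBB, 0x20, 0x01, 0x80};
static const uint8_t SAMPLE_TRUNCATED[] = {0x10, 0x02, 0xAA, 0xBB, 0x20, 0x10, 0x80};

int main(void) {
    nas_ie_t ies[4];
    int ok = nas_parse_ies(SAMPLE_OK, sizeof SAMPLE_OK, ies, 4);
    int bad = nas_parse_ies(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, ies, 4);
    return (ok == 2 && bad == -1) ? 0 : 1;
}
```

    The second sample declares a 16-byte value but carries one byte; the checked parser rejects the whole message instead of copying from memory beyond the packet.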

    CVSS Score and Impact

    The CVSS v3.1 score for CVE-2025-27891 is 9.1, indicating a critical vulnerability. The CVSS vector string for this vulnerability is: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H, which indicates the following:

    • Attack Vector (AV): Network – The vulnerability can be exploited remotely.
    • Attack Complexity (AC): Low – The vulnerability does not require complex conditions to exploit.
    • Privileges Required (PR): None – No special privileges are required to exploit the vulnerability.
    • User Interaction (UI): None – The vulnerability can be exploited without user interaction.
    • Confidentiality Impact (C): High – An attacker could gain access to sensitive data.
    • Integrity Impact (I): None – The integrity of the system data is not affected.
    • Availability Impact (A): High – The vulnerability could cause system instability or downtime.

    Mitigation

    Samsung has acknowledged the issue and is working on providing updates to address the vulnerability. Users of affected devices should monitor the official Samsung Semiconductor security updates page for patches and further guidance. To mitigate the risk, it is recommended that users update their devices as soon as patches are made available.

    For further information, visit Samsung’s official security update pages: Samsung Security Updates and CVE-2025-27891 Details.

    Conclusion

    The CVE-2025-27891 vulnerability highlights the importance of proper validation checks within mobile processors and modems. Samsung users are urged to apply updates promptly to prevent potential exploitation of this critical flaw.

  • CVE-2025-4632: Critical Path Traversal Vulnerability in Samsung MagicINFO 9 Server

    Overview

    On May 13, 2025, Samsung disclosed a critical vulnerability identified as CVE-2025-4632 in its MagicINFO 9 Server product. The issue affects all versions prior to 21.1052 and allows unauthenticated remote attackers to write arbitrary files to the server with system-level privileges. This flaw is a classic example of a Path Traversal vulnerability, categorized under CWE-22.

    What is Path Traversal?

    Path Traversal, also known as Directory Traversal, occurs when an application fails to properly restrict file paths, enabling attackers to manipulate variables referencing files. This can result in unauthorized file access or writing, potentially overwriting sensitive or executable files.

    Technical Details

    The vulnerability is caused by improper limitation of a pathname to a restricted directory. In the case of MagicINFO 9 Server, attackers can exploit this flaw via network access without authentication, sending specially crafted requests that include manipulated path values. If successful, they can upload malicious files, such as web shells, effectively gaining control over the system.
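
    A containment check of the kind whose absence CWE-22 describes, as an added example in C. It is not MagicINFO code: the upload root `/srv/uploads`, the function names and the sample request values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True if `name` (already URL-decoded), resolved lexically, stays below the
 * upload root. Both separators count, so "..\\" is handled like "../". */
bool upload_name_is_contained(const char *name) {
    if (name == NULL || name[0] == '\0') return false;
    if (name[0] == '/' || name[0] == '\\') return false; /* absolute path */
    if (strchr(name, ':') != NULL) return false;         /* drive letter or stream */
    int depth = 0;
    for (const char *p = name; *p != '\0';) {
        size_t n = strcspn(p, "/\\");                    /* length of this component */
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0) return false;               /* climbed above the root */
        } else if (n > 0 && !(n == 1 && p[0] == '.')) {
            depth++;                                     /* ordinary component */
        }
        p += n;
        if (*p != '\0') p++;                             /* skip the separator */
    }
    return depth > 0;                                    /* must name something inside */
}

/* Joins root and name only after the containment check; -1 means rejected. */
int build_upload_path(const char *root, const char *name, char *out, size_t out_len) {
    if (!upload_name_is_contained(name)) return -1;
    int n = snprintf(out, out_len, "%s/%s", root, name);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;     /* reject truncation too */
}

/* Constructed request values; the last three try to leave the root. */
static const char *SAMPLES[] = {"content/banner.png", "a/../b.txt",
                                "../../outside.txt", "..\\..\\outside.txt",
                                "/abs/outside.txt"};

int main(void) {
    char out[128];
    int rejected = 0;
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        if (build_upload_path("/srv/uploads", SAMPLES[i], out, sizeof out) != 0) rejected++;
    return rejected == 3 ? 0 : 1;
}
```

    A lexical check does not see symbolic links, so where the root can contain them the joined path should also be canonicalized and compared against the root before writing.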

    Severity and CVSS Score

    This issue has been rated CRITICAL under the CVSS v3.1 scoring system, with a base score of 9.8. The vector string is:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    This score indicates that the attack is possible over a network, requires no user interaction or privileges, and results in a full compromise of confidentiality, integrity, and availability.

    Impact

    According to CAPEC-650, this vulnerability may allow attackers to upload a web shell to the server, providing persistent remote access and the ability to execute arbitrary commands. Because the server performs these actions with system authority, the impact can be total system compromise.

    Mitigation

    Samsung has released an update in version 21.1052 to patch this vulnerability. All users and administrators of MagicINFO 9 Server should:

    • Immediately upgrade to version 21.1052 or later
    • Audit server logs for suspicious file write operations
    • Implement strict network-level protections to limit exposure

    Conclusion

    CVE-2025-4632 underscores the dangers of insufficient file path validation in enterprise systems. Given the critical nature of this bug and its potential for full system takeover, it is imperative for affected users to update immediately and follow best practices in application hardening.

    For more details, consult the official Samsung security bulletin: SVP-MAY-2025.